Dockerfile.automated

FROM ubuntu:20.04

ARG BUILD_WITH_SECONDSIGHT=false
ARG ADD_SM
ARG ADD_PUM

# Initial setup
RUN apt-get update && \
	DEBIAN_FRONTEND=noninteractive apt-get install -y -q build-essential git nano curl jq wget gawk \
		nginx lsb-release rsyslog systemd apt-transport-https ca-certificates netcat sudo && \
	mkdir -p /etc/ssl/nginx /deployment

COPY ./container/startNIM.sh /deployment/

RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
        --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
	set -x \
	&& chmod +x /deployment/startNIM.sh \
	&& printf "deb https://pkgs.nginx.com/nms/ubuntu `lsb_release -cs` nginx-plus\n" > /etc/apt/sources.list.d/nms.list \
	&& wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
	&& wget -O /tmp/nginx_signing.key https://cs.nginx.com/static/keys/nginx_signing.key \
	&& apt-key add /tmp/nginx_signing.key \
	&& apt-get update \
	&& apt-get install -y nms-instance-manager \
	&& curl -s http://hg.nginx.org/nginx.org/raw-file/tip/xml/en/security_advisories.xml > /usr/share/nms/cve.xml \
	# Optional Security Monitoring
	&& if [ "${ADD_SM}" = "true" ] ; then \
	apt-get -y install nms-sm; fi \
	# Optional WAF Policy Compiler
	&& if [ ! -z "${ADD_PUM}" ] ; then \
	apt-get -y install nms-nap-compiler-$ADD_PUM; fi \
	# Set permissions
	&& chmod +x /etc/nms/scripts/*.sh \
	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_`dpkg --print-architecture` -O /usr/bin/yq \
	&& chmod +x /usr/bin/yq

# Optional Second Sight
WORKDIR /deployment
RUN if [ "$BUILD_WITH_SECONDSIGHT" = "true" ] ; then \
        apt-get install -y -q build-essential python3-pip python3-dev python3-simplejson git nano curl && \
        pip3 install fastapi uvicorn requests clickhouse-driver python-dateutil flask && \
	touch /deployment/counter.enabled && \
	git clone https://github.com/F5Networks/SecondSight && \
	cp SecondSight/f5tt/app.py . && \
	cp SecondSight/f5tt/bigiq.py . && \
	cp SecondSight/f5tt/cveDB.py . && \
	cp SecondSight/f5tt/f5ttCH.py . && \
	cp SecondSight/f5tt/f5ttfs.py . && \
	cp SecondSight/f5tt/nms.py . && \
	cp SecondSight/f5tt/utils.py . && \
	rm -rf SecondSight; fi
	
WORKDIR /deployment
CMD /deployment/startNIM.sh